CN102694772B - Apparatus, system and method for accessing internet web pages - Google Patents

Apparatus, system and method for accessing internet web pages Download PDF

Info

Publication number
CN102694772B
CN102694772B CN201110070193.4A CN201110070193A CN102694772B CN 102694772 B CN102694772 B CN 102694772B CN 201110070193 A CN201110070193 A CN 201110070193A CN 102694772 B CN102694772 B CN 102694772B
Authority
CN
China
Prior art keywords
information
target web
web
user terminal
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201110070193.4A
Other languages
Chinese (zh)
Other versions
CN102694772A (en
Inventor
胡鹏
张子鋆
葛文兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Yayue Technology Co ltd
Original Assignee
Tencent Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology Shenzhen Co Ltd filed Critical Tencent Technology Shenzhen Co Ltd
Priority to CN201110070193.4A priority Critical patent/CN102694772B/en
Priority to US14/005,962 priority patent/US8898738B2/en
Priority to PCT/CN2011/083807 priority patent/WO2012126263A1/en
Publication of CN102694772A publication Critical patent/CN102694772A/en
Application granted granted Critical
Publication of CN102694772B publication Critical patent/CN102694772B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/1483Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0281Proxies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/101Access control lists [ACL]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an apparatus, system and method for accessing internet web pages, wherein the system comprises a user terminal and a proxy server. The user terminal initiates an accessing request to the proxy server, an uniform resource locator URL information of an objective web page with an identifier that requires safety authentication, and receives an objective web page information output by the proxy server and shows the object web page information. The proxy server receives the accessing request and performs the safety authentication of the URL information of the objective web page with the identifier that requires the safety authentication according to a pre-stored web page safety database information; if the URL information passes the safety authentication, the proxy server obtains the objective web page information and outputs the information to the user terminal. The invention can reduce the cost caused by the network delay when accessing the internet web pages and improve the user experience.

Description

A kind of device, system and method for accessing internet web page
Technical field
The present invention relates to secure access technology, particularly a kind of device, system and method for accessing internet web page.
Background technology
In recent years, along with developing rapidly of intelligent subscriber terminal, user user terminal access internet through browsers webpage is increased, user, by user terminal access internet through browsers webpage (being designated hereinafter simply as webpage), mainly comprises direct linkage type access and two kinds of modes of proxy server access.Wherein,
When direct linkage type access mode is exactly user by user terminal browser access target web, directly initiate access request to target web; Proxy server access mode is that user is while passing through all internet web pages of user terminal browser access, all complete by default proxy server, that is to say, proxy server is responsible for proxy user and is initiated access request to target web, obtain webpage, and, carry out as required webpage conversion, and export the webpage of conversion to user terminal browser and show.Compare direct linkage type access, access by proxy server, on the one hand, can help user terminal to complete webpage conversion, be applicable to thereby return the webpage that user terminal browser layout shows, not only can save user terminal and explain the amount of calculation of script, and can effectively reduce user terminal flow; On the other hand, proxy server self possesses buffer memory effect, is also conducive to improve the speed experience of user's accessed web page.Based on these factors, in actual applications, user terminal browser application proxy server conducts interviews comparatively extensive, and mainstream user's terminal browsers such as such as QQ user terminal browser, UCWeb and Opera Mini all have the mechanism that proxy server access is provided.
Internet technology, bringing user simultaneously greatly easily, has also been brought safety problem to user, and especially, in the process of user terminal browser access webpage, relevant safety problem also highlights gradually.For example, some malice fishing websites or webpage inveigle user in the time of accessed web page, require input account and encrypted message, thereby steal user account and password; Other malicious websites, if once user's connected reference will be collected high information service expense automatically, or deliberately arranges the trap of deducting fees; In addition, also have number of site, by issuing the link of viral wooden horse installation kit, affect the normal use of user terminal, harm user terminal.Thereby the security risk causing by user terminal browser access webpage, has become the problem that current mobile Internet is widely paid close attention to.
In order to strengthen the fail safe of user terminal browser access webpage, current, in the time of user terminal access internet through browsers webpage, ensure the secure access of browser based on networking scanning, that is to say, user passed through user terminal browser before downloading displayed page, in the time of request access target web, by the uniform resource locator (URL of this target web, Uniform Resource Locator) information to networking security server send, request security server authenticates the fail safe of this URL, security server carries out safety certification according to the safe web page database information of storage, and the safety certification response results to this URL is returned to user terminal, user terminal is carried out corresponding operating according to safety certification response results: if safety certification response results is safety, initiate access request to proxy server, if security server is judged this URL and is had security risk, can forbid this target web of user terminal browser access by security server setting, user terminal can not be initiated the access request to this webpage to proxy server, or, user is according to the security risk information comprising in safety certification response results, determine whether initiate access request to proxy server.
From above-mentioned, the method of existing access internet web page, the each safe web page data message that utilizes backstage (security server) to collect in advance, the webpage of user's request access is carried out to safety certification, and export safety certification response results to user terminal, user terminal determines whether to initiate access request to proxy server according to safety certification response results again, thereby reach the effect of secure access, but due to after safety certification, security server also needs the information of safety certification to be sent to user terminal, initiate access request by user terminal again, make the required time of user's accessed web page longer, thereby bring certain network delay expense, further, even webpage through safety certification, in its webpage, also there is more link redirect, if user need to access webpage corresponding to this link redirect, also need again this link jump information to be sent to security server, carry out safety certification, make to access the network delay that webpage corresponding to this link redirect cause larger, reduced user's experience, and, if link jump information is more, need constantly and security server carries out alternately, also having increased flow expense, increase user cost.
Summary of the invention
In view of this, main purpose of the present invention is to propose a kind of device of accessing internet web page, and the network delay expense, the raising user that reduce access internet web page experience.
Another object of the present invention is to propose a kind of system of accessing internet web page, the network delay expense, the raising user that reduce access internet web page experience.
A further object of the present invention is to propose a kind of method of accessing internet web page, and the network delay expense, the raising user that reduce access internet web page experience.
For achieving the above object, the invention provides a kind of device of accessing internet web page, this device comprises: access request processing module, security module, target web pull module and safe web page database module, wherein,
Access request processing module, for receiving access request, if the uniform resource locator URL information of the target web comprising in access request carries the mark that need carry out safety certification, exports the URL information of target web to security module;
Security module, for according to the safe web page database information of safe web page database module stores, carries out safety certification to the URL information of the target web receiving, if certification is passed through, exports the URL information of this target web to target web and pulls module;
Target web pulls module, for according to the URL information of the target web receiving, pulls info web, and export user terminal to from target web;
Safe web page database module, for storing webpage safety database information.
Described security module is further used for, in the time that safety certification is not passed through, returning to safety certification response results to user terminal; Correspondingly,
Access request processing module is further used for determining that the URL information of the target web comprising in access request carries the mark of forcing access, exports the URL information of target web to target web and pulls module.
Described security module be further used for when safety certification not by time, according to the security strategy setting in advance, determine that this target web can not access, in the safety certification response results of returning, carry disable access mark.
Described safety certification response results comprises: target web level of security is that the unknown and target web level of security are risk.
Further comprise:
Webpage modular converter, for the user terminal browser information carrying according to access request, pulls by target web the info web that module pulls and is converted to the structure of web page that adapts to this user terminal browser, exports the user terminal under this access request to.
Further comprise:
Web page interlinkage information analysis module, pulls for resolving target web the info web that module pulls, and obtains the link jump information comprising, and exports security module to; The level of security information that receives security module output, is embedded in this link jump information of info web, and exports info web to user terminal; Correspondingly,
Security module, is further used for receiving the link jump information that web page interlinkage information analysis module is exported, and carries out safety certification, exports the level of security information of certification to web page interlinkage information analysis module.
Access a system for internet web page, this system comprises: user terminal and proxy server, wherein,
User terminal, for initiating access request to proxy server, carry mark to carry out the URL information of the target web of safety certification; The target web information of Receiving Agent server output, shows;
Proxy server, be used for receiving access request, according to pre-stored safe web page database information, need carry out the URL information of the target web of safety certification to carrying mark and carry out safety certification, if safety certification is passed through, obtain target web information and export user terminal to.
Described proxy server comprises: access request processing module, security module, target web pull module and safe web page database module, wherein,
Access request processing module, for receiving access request, if the uniform resource locator URL information of the target web comprising in access request carries the mark that need carry out safety certification, exports the URL information of target web to security module;
Security module, for according to the safe web page database information of safe web page database module stores, carries out safety certification to the URL information of the target web receiving, if certification is passed through, exports the URL information of this target web to target web and pulls module;
Target web pulls module, for according to the URL information of the target web receiving, pulls info web, and export user terminal to from target web;
Safe web page database module, for storing webpage safety database information.
Described proxy server further comprises:
Webpage modular converter, for the user terminal browser information carrying according to access request, pulls by target web the info web that module pulls and is converted to the structure of web page that adapts to this user terminal browser, exports the user terminal under this access request to.
Described proxy server is further used for, in the time that safety certification is not passed through, returning to safety certification response results to user terminal; The URL information of the target web of mark pressure access is carried in reception, obtains target web information and exports user terminal to; Correspondingly,
User terminal is further used for the safety certification response results that Receiving Agent server returns, and determines this target web of access, initiates access request to proxy server, carries the URL information of the target web of mark pressure access.
Described proxy server further comprises:
Web page interlinkage information analysis module, pulls for resolving target web the info web that module pulls, and obtains the link jump information comprising, and exports security module to; The level of security information that receives security module output, is embedded in this link jump information of info web, and exports info web to user terminal; Correspondingly,
Security module, is further used for receiving the link jump information that web page interlinkage information analysis module is exported, and carries out safety certification, exports the level of security information of certification to web page interlinkage information analysis module;
User terminal, further in browsing page information, triggers when the link redirect in info web is conducted interviews, and shows to user the level of security information that this link redirect is corresponding; And in the time that user determines webpage corresponding to this link redirect of access, initiate access request to access request processing module, carry the mark of forcing access.
A method of accessing internet web page, the method comprises:
User terminal is initiated access request, carries the uniform resource locator URL information of the target web that mark need carry out safety certification;
Proxy server is according to pre-stored safe web page database information, carries mark and need carry out the URL information of the target web of safety certification and carry out safety certification what receive, determines that safety certification passes through, and obtains target web information and exports user terminal to;
The target web information of user terminal Receiving Agent server output, shows.
Describedly carry mark and need carry out the URL information of the target web of safety certification and carry out safety certification and further comprise what receive:
Proxy server determines that safety certification do not pass through, and returns to safety certification response results to user terminal;
The safety certification response results that user terminal Receiving Agent server returns, determines this target web of access, initiates access request to proxy server, carries the URL information of the target web of mark pressure access;
The URL information of target web that reception is carried mark and forced access, obtains target web information described in execution and exports the step of user terminal to.
Described obtain target web information after, before exporting user terminal to, further comprise:
The target web information that parsing is obtained, obtains the link jump information comprising, and carries out safety certification, according to the security attribute labelling strategies setting in advance, the level of security information of safety certification is embedded in this link jump information that target web packets of information contains.
Described security attribute labelling strategies comprises: only in the URL label that has security risk, increase the blacklist mechanism labelling strategies of security attribute value, only in the URL label of any security risk, increase the white list mechanism labelling strategies of security attribute value and to increasing the mixing name single-unit labelling strategies of security attribute value in all URL labels to not existing.
As seen from the above technical solutions, a kind of device, system and method for accessing internet web page provided by the invention, this system comprises: user terminal and proxy server, wherein, user terminal is initiated access request to proxy server, carries the uniform resource locator URL information of the target web that mark need carry out safety certification; The target web information of Receiving Agent server output, shows; Proxy server receives access request, according to pre-stored safe web page database information, need carry out the URL information of the target web of safety certification to carrying mark and carry out safety certification, if safety certification is passed through, obtain target web information and export user terminal to.Like this, utilize the function of the secure access of proxy server extending user terminal browser, by the configuration of browser of mobile terminal and proxy server, webpage is carried out to safety certification, and after safety certification is passed through, directly pull this info web, reduce the network delay expense of access internet web page, thereby the service that provides safety to browse for user in the situation that not increasing additional networks delay, has improved user's experience.
Brief description of the drawings
Fig. 1 is the system configuration schematic diagram of embodiment of the present invention access internet web page.
Fig. 2 is embodiment of the present invention proxy server structural representation.
Fig. 3 is the method flow schematic diagram of embodiment of the present invention access internet web page.
Fig. 4 is the method flow schematic diagram of the direct requested webpage access of the embodiment of the present invention.
Fig. 5 is the method flow schematic diagram of embodiment of the present invention link redirect access.
Embodiment
For making the object, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below in conjunction with the accompanying drawings and the specific embodiments.
In prior art, in order to improve the fail safe of access internet web page, user terminal need to send the URL information of target web to carry out safety certification to security server, and the safety certification response message of returning according to security server, determine whether initiate the access to target web by proxy server, increase the network delay expense that user terminal and security server cause alternately, reduced user's experience.In the embodiment of the present invention, consider to replace security server authenticated user to submit the fail safe of the webpage of request access to by proxy server, if the safety certification of the webpage of request access is passed through, directly access the webpage of this request access, and for the unsanctioned webpage of safety certification, the safety certification response results that user terminal returns according to proxy server, determines whether to access this webpage, thus the service that provides safety to browse for user in the situation that not increasing additional networks delay.
Fig. 1 is the system configuration schematic diagram of embodiment of the present invention access internet web page.Referring to Fig. 1, this system comprises: user terminal and proxy server, wherein,
User terminal, for initiating access request to proxy server, carry mark to carry out the URL information of the target web of safety certification; The target web information of Receiving Agent server output, shows;
In the embodiment of the present invention, need carry out the mark of safety certification and can be consulted in advance to determine by proxy server and user terminal.
Further, the safety certification response results that user terminal also returns for Receiving Agent server, determines this target web of access, initiates access request to proxy server, carries the URL information of the target web of mark pressure access.
Proxy server, be used for receiving access request, according to pre-stored safe web page database information, need carry out the URL information of the target web of safety certification to carrying mark and carry out safety certification, if safety certification is passed through, obtain target web information and export user terminal to.
In the embodiment of the present invention, proxy server is further used for, in the time that safety certification is not passed through, returning to safety certification response results to user terminal; The URL information of the target web of mark pressure access is carried in reception, obtains target web information and exports user terminal to.
Safety certification response results comprises: target web level of security is that the unknown and target web level of security are risk.
Further, be the malicious websites such as risk or the unknown website of deducting fees, fishing website, deceptive information website and viral wooden horse link for level of security, can be in safety certification response results, directly carry this information, to point out the target web of access for malicious websites such as the website of deducting fees, fishing website, deceptive information website or viral wooden horse links to user.
Preferably, proxy server is the user terminal browser information for carrying according to access request also, target web is converted to the structure of web page that adapts to this user terminal browser, exports the affiliated user terminal of this access request to.
Fig. 2 is embodiment of the present invention proxy server structural representation.Referring to Fig. 2, this proxy server comprises: access request processing module, security module, target web pull module and safe web page database module, wherein,
Access request processing module, for receiving access request, if the URL information of the target web comprising in access request carries the mark that need carry out safety certification, exports the URL information of target web to security module;
In the embodiment of the present invention, carry the mark of forcing access if access request processing module is also further used for the URL information of the target web comprising in judgement access request, export the URL information of target web to target web and pull module.
Security module, for according to the safe web page database information of safe web page database module stores, carries out safety certification to the URL information of the target web receiving, if certification is passed through, exports the URL information of this target web to target web and pulls module;
In the embodiment of the present invention, security module is also further used for, in the time that safety certification is not passed through, returning to safety certification response results to user terminal; And, can be after the safety certification of the URL of target web information not be passed through, further according to the security strategy setting in advance, determine that this target web can not access, in the safety certification response results of returning, carry disable access mark.Like this; even if the safety certification response results that user terminal Receiving Agent server returns, determines this target web of access, also do not initiate access request to proxy server; but show to user the information that this target web is denied access, effectively to protect user's interests.Certainly,, in order to respect user's selection, even for the webpage that has security risk, also can in the page of indicating risk, provide the entrance of forcing to continue access to user.In this case, user terminal browser is in the time again asking this webpage, at HTML (Hypertext Markup Language) (HTTP, Hypertext Transfer Protocol) GET method (access request) in increase associated safety parameter, user's mandatory requirement with this URL request of instruction proxy server, proxy server after receiving, no longer active inquiry safe web page database, and directly proxy user request and return to webpage.
The security strategy setting in advance can be according to the user profile in user access request, and it is minor that inquiry obtains this user, or this target web relates to the filthy content such as pornographic, violence etc.
Target web pulls module, for according to the URL information of the target web receiving, pulls info web, and export user terminal to from target web;
Safe web page database module, for storing webpage safety database information.
In the embodiment of the present invention, the safe web page database information of storage comprises the level of security information of webpage URL information and mapping thereof.For example, can set in advance 1 expression level of security is safety, and 2 represent that level of security is unknown, and 3 represent that level of security is risk.Like this, if the level of security value of webpage URL mapping is 1, represent that this webpage is safe.
Preferably, this proxy server also comprises:
Webpage modular converter, for the user terminal browser information carrying according to access request, pulls by target web the info web that module pulls and is converted to the structure of web page that adapts to this user terminal browser, exports the user terminal under this access request to.
In practical application, even webpage through safety certification, in its webpage, also there is more link redirect, in the embodiment of the present invention, the link redirect situation existing for the webpage pulling, web page interlinkage information analysis module is further set, pull for resolving target web the info web that module pulls, obtain the link jump information comprising, export security module to; The level of security information that receives security module output, is embedded in this link jump information of info web, and exports info web to user terminal; Correspondingly,
Security module, is further used for receiving the link jump information that web page interlinkage information analysis module is exported, and carries out safety certification, exports the level of security information of certification to web page interlinkage information analysis module;
User terminal, further in browsing page information, triggers when the link redirect in info web is conducted interviews, and shows to user the level of security information that this link redirect is corresponding; And in the time that user determines webpage corresponding to this link redirect of access, initiate access request to access request processing module, carry the mark of forcing access.
Like this, as previously mentioned, even for the webpage that has security risk, also can in the page of indicating risk, provide the entrance of forcing to continue access to user, if user need to access webpage corresponding to this link redirect, do not need again this link jump information to be sent to carry out safety certification to security server, effectively reduce network delay and the network traffics of webpage corresponding to this link redirect of access, thereby improved user's experience.
From above-mentioned, the system of the access internet web page of the embodiment of the present invention, user terminal is initiated access request to proxy server, carries mark and need carry out the URL information of the target web of safety certification; The target web information of Receiving Agent server output, shows; Proxy server receives access request, according to pre-stored safe web page database information, need carry out the URL information of the target web of safety certification to carrying mark and carry out safety certification, if safety certification is passed through, obtain target web information and export user terminal to.Like this, the function of utilizing the safety of proxy server extending user terminal browser to browse, by the configuration of browser of mobile terminal and proxy server, webpage is carried out to safety certification, and after safety certification is passed through, directly pull this info web, reduce the network delay expense of access internet web page, thereby the service that provides safety to browse for user in the situation that not increasing additional networks delay, has improved user's experience.Further, by embed associated safety class information in the link jump information of info web, by increasing a small amount of additional networks flow, can effectively and fast point out to user the malicious websites such as website, fishing website, deceptive information website and viral wooden horse link of deducting fees, the risk that can give user's necessity is reminded, and does not extend user's the webpage stand-by period.
Fig. 3 is the method flow schematic diagram of embodiment of the present invention access internet web page.Referring to Fig. 3, this flow process comprises:
Step 301, user terminal is initiated access request, carries mark and need carry out the URL information of the target web of safety certification;
In this step, when user terminal need to be accessed internet web page, obtain the URL information of the target web that needs access, and carry the mark that need carry out safety certification, be encapsulated in access request, send to proxy server.
Step 302, proxy server is according to pre-stored safe web page database information, carry mark and need carry out the URL information of the target web of safety certification and carry out safety certification what receive, determine that safety certification passes through, obtain target web information and export user terminal to;
In this step, if the safety certification of the URL information of proxy server to target web is passed through, directly pull this target web information according to the URL information of this target web, do not need authentication information to return to user terminal, thereby reduced the network delay expense of accessing internet web page.
Step 303, the target web information of user terminal Receiving Agent server output, shows.
Preferably, carry mark and need carry out the URL information of the target web of safety certification and carry out safety certification and also further comprise what receive:
Proxy server determines that safety certification do not pass through, and returns to safety certification response results to user terminal;
The safety certification response results that user terminal Receiving Agent server returns, determines this target web of access, initiates access request to proxy server, carries the URL information of the target web of mark pressure access;
The URL information of target web that reception is carried mark and forced access, obtains target web information described in execution and exports the step of user terminal to.
In practical application, when user terminal access internet through browsers webpage, according to user's webpage unfolding mode, can be divided into " directly requested webpage " and " linking redirect " two kinds of situations, for the situation of direct requested webpage, in the target web of opening, do not comprise the linked web pages URL information of embedding, and for the situation that links redirect, in the target web of opening, the linked web pages URL information that comprises embedding, user can be by the webpage of opening, clickthrough webpage URL information, thereby trigger another webpage of access, in the embodiment of the present invention, in order to ensure user's access security, also need linked web pages URL information to carry out safety certification, be described respectively below.
Fig. 4 is the method flow schematic diagram of the direct requested webpage access of the embodiment of the present invention.Referring to Fig. 4, this flow process comprises:
Step 401, user terminal browser is to proxy server request authentication URL;
Step 402, proxy server query webpage safety database, obtains the security attribute of this URL;
Step 403, judges whether the security attribute of this URL exists security risk, if so, and execution step 404, otherwise, execution step 405;
Step 404, proxy server generates prompting webpage information according to risk type, returns to user terminal browser;
In this step, proxy server can directly return to a specific Webpage, informs its security risk of user.
Step 405, accesses the webpage that this URL is corresponding.
In this step, if the security attribute of URL does not exist security risk, directly access the webpage that this URL is corresponding, for user provides service.
Fig. 5 is the method flow schematic diagram of embodiment of the present invention link redirect access.Whether generation links redirect, and the target web information that can pull by proxy server parses, judges in this target web information whether have link jump information, if existed, referring to Fig. 5, this flow process comprises:
Step 501, proxy server judges the security attribute of the each URL occurring in Webpage;
In this step, the content of pages that proxy server receiving target webpage (web server) returns, its security module, for the each URL comprising in the page, connects webpage safety database and carries out the inquiry of security attribute.
Step 502, proxy server increases corresponding security attribute value in the label that partly or entirely URL is corresponding to be described according to the security attribute labelling strategies setting in advance;
In practical application, in order to reduce proxy server and user terminal browser to newly appending the processing complexity of attribute, the security module of proxy server is in appending security attribute, can be according to the security attribute labelling strategies setting in advance, the URL that needs mark is carried out to mark, and in the embodiment of the present invention, security attribute labelling strategies comprises: blacklist mechanism labelling strategies, white list mechanism labelling strategies and a mixing name single-unit labelling strategies, wherein
One, blacklist mechanism: only in the URL label that has security risk, increase security attribute value, like this, for all extra process again of the normal webpage of major part.Accordingly, attempt to open when having security attribute value and being designated as the URL of risk user, user terminal browser can block and eject information with reminding user in suitable mode.
Certainly, as previously mentioned, attempt to open when having security attribute value and being designated as the URL of risk user, the prompting that also can eject this webpage of disable access, forbids that user accesses.
Blacklist mechanism is applicable to the online environment relatively loose to the requirement of user terminal Browsing Safety while Using, like this, and by safeguarding the info web that only has risk, can reduce Database size, certainly,, if safe web page database is perfect not, also can introduce failing to judge of some security risks.
Two, white list mechanism: only increase security attribute value to not existing in the URL label of any security risk, accordingly, attempt to open when having security attribute value and being designated as safe URL user, user terminal browser can the current access of explicit indicating user be safe in suitable mode, the URL not providing for security attribute value, be other uncertainty and risk ranks and risky URL, in the time attempting to open, user terminal browser can not provide the instruction that safety is browsed, certainly, in practical application, also can eject indicating risk.
This mechanism is applicable to the online environment relatively strict to access security requirement, by an information of maintenance safe webpage, also can effectively reduce the size of database, certainly, in practical application, if safe web page database is perfect not, also can introduce the situation of the explicit instruction of the not viewed device of URL of some former safety.
Three, mix name single-unit:, for the URL, the increase URL safety label property value that do not have security risk, indicate this URL safety; For uncertain URL, for example, the URL that safe web page data base querying is miss or have the URL of security risk, not carrying out extra process or increasing implication is the tag attributes value of unknown safety or risk.
Under this kind of mechanism, safe web page database need to be safeguarded the URL information of full dose, thereby browser can provide clearer and more definite safety instruction.
In above-mentioned example, the span of security attribute value depends on the safe condition of website and describes, and comprises safety, unknown and risk three major types, and risk can be further subdivided into the website of deducting fees, viral website, wooden horse website, deceptive information website, fishing website etc.These information represent with specific ID, and it is unified between proxy server and browser, to set up agreement, like this, are convenient to browser and represent detailed risk type prompting to user.
In this step, security module is appended to Query Result in page script in the mode of property value, for instance, represent for conventional link redirect: <a href=" http://www.qq.com " >QQ</a>, the security module of proxy server is appended the property value of security_level, new link jump list is shown <a href=" http://www.qq.com " security_level=" 1 " >QQ</a>, here value is 1 to be expressed as safe URL.
In addition, process complexity in order to reduce browser, for all mechanism, proxy server is taked the method for duplicate removal in mark security attribute value.Like this, same URL can repeatedly not added security attribute value, reduces the computing cost of browser resolves.
Step 503, each URL label in user terminal browser resolves webpage, and record its security attribute value, the security attribute value based on URL adopts suitable prompting in the time of displayed page.
In this step, whether user can access the link redirect that this URL is corresponding according to the information decision of prompting, if determine access, initiates access request to proxy server, carries the URL information of the target web of mark pressure access.
The foregoing is only preferred embodiment of the present invention, be not intended to limit protection scope of the present invention.Within the spirit and principles in the present invention all, any amendment of doing, be equal to and replace and improvement etc., within all should being included in protection scope of the present invention.

Claims (11)

1. a device of accessing internet web page, is characterized in that, this device comprises: access request processing module, security module, target web pull module, safe web page database module, webpage modular converter, wherein,
Access request processing module, for receiving access request, if the uniform resource locator URL information of the target web comprising in access request carries the mark that need carry out safety certification, exports the URL information of target web to security module; The URL information of the target web comprising for definite access request carries the mark of forcing access, exports the URL information of target web to target web and pulls module;
Security module, be used for according to the safe web page database information of safe web page database module stores, URL information to the target web receiving is carried out safety certification, if certification is passed through, export the URL information of this target web to target web and pull module, if certification is not passed through, return to safety certification response results to user terminal;
Target web pulls module, for according to the URL information of the target web receiving, pulls info web from target web;
Webpage modular converter, for the user terminal browser information carrying according to access request, pulls by target web the info web that module pulls and is converted to the structure of web page that adapts to this user terminal browser, exports user terminal to;
Safe web page database module, for storing webpage safety database information.
2. device as claimed in claim 1, it is characterized in that, described security module is further used in the time that safety certification is not passed through, according to the security strategy setting in advance, determine that this target web can not access, in the safety certification response results of returning, carry disable access mark.
3. device as claimed in claim 2, is characterized in that, described safety certification response results comprises: target web level of security is that the unknown and target web level of security are risk.
4. the device as described in claim 1 or 3, is characterized in that, further comprises:
Web page interlinkage information analysis module, pulls for resolving target web the info web that module pulls, and obtains the link jump information comprising, and exports security module to; The level of security information that receives security module output, is embedded in this link jump information of info web, and exports info web to user terminal; Correspondingly,
Security module, is further used for receiving the link jump information that web page interlinkage information analysis module is exported, and carries out safety certification, exports the level of security information of certification to web page interlinkage information analysis module.
5. a system of accessing internet web page, is characterized in that, this system comprises: user terminal and proxy server, wherein,
User terminal, for initiating access request to proxy server, carry mark to carry out the URL information of the target web of safety certification; The target web information of Receiving Agent server output, shows; The safety certification response results of returning for Receiving Agent server, determines this target web of access, initiates access request to proxy server, carries the URL information that identifies the target web of forcing access;
Proxy server, be used for receiving access request, according to pre-stored safe web page database information, need carry out the URL information of the target web of safety certification to carrying mark and carry out safety certification, if safety certification is passed through, obtain target web information, the user terminal browser information carrying according to access request, after being converted to the structure of web page that adapts to this user terminal browser, target web information exports user terminal to, if safety certification is not passed through, return to safety certification response results to user terminal; The URL information of the target web of mark pressure access is carried in reception, obtains target web information and exports user terminal to.
6. system as claimed in claim 5, is characterized in that, described proxy server comprises: access request processing module, security module, target web pull module, safe web page database module, webpage modular converter, wherein,
Access request processing module, for receiving access request, if the uniform resource locator URL information of the target web comprising in access request carries the mark that need carry out safety certification, exports the URL information of target web to security module; The URL information of the target web comprising for definite access request carries the mark of forcing access, exports the URL information of target web to target web and pulls module;
Security module, be used for according to the safe web page database information of safe web page database module stores, URL information to the target web receiving is carried out safety certification, if certification is passed through, export the URL information of this target web to target web and pull module, if certification is not passed through, return to safety certification response results to user terminal;
Target web pulls module, for according to the URL information of the target web receiving, pulls info web from target web;
Webpage modular converter, for the user terminal browser information carrying according to access request, pulls by target web the info web that module pulls and is converted to the structure of web page that adapts to this user terminal browser, exports user terminal to;
Safe web page database module, for storing webpage safety database information.
7. system as claimed in claim 6, is characterized in that, described proxy server further comprises:
Webpage modular converter, for the user terminal browser information carrying according to access request, pulls by target web the info web that module pulls and is converted to the structure of web page that adapts to this user terminal browser, exports the user terminal under this access request to.
8. the system as described in claim 6 to 9 any one, is characterized in that, described proxy server further comprises:
Web page interlinkage information analysis module, pulls for resolving target web the info web that module pulls, and obtains the link jump information comprising, and exports security module to; The level of security information that receives security module output, is embedded in this link jump information of info web, and exports info web to user terminal; Correspondingly,
Security module, is further used for receiving the link jump information that web page interlinkage information analysis module is exported, and carries out safety certification, exports the level of security information of certification to web page interlinkage information analysis module;
User terminal, further in browsing page information, triggers when the link redirect in info web is conducted interviews, and shows to user the level of security information that this link redirect is corresponding; And in the time that user determines webpage corresponding to this link redirect of access, initiate access request to access request processing module, carry the mark of forcing access.
9. a method of accessing internet web page, is characterized in that, the method comprises:
User terminal is initiated access request, carries the uniform resource locator URL information of the target web that mark need carry out safety certification;
Proxy server is according to pre-stored safe web page database information, carry mark and need carry out the URL information of the target web of safety certification and carry out safety certification what receive, determine that safety certification passes through, obtain target web information, the user terminal browser information carrying according to access request, is converted to target web information to adapt to export user terminal to after the structure of web page of this user terminal browser; Determine that safety certification do not pass through, return to safety certification response results to user terminal;
The safety certification response results that user terminal Receiving Agent server returns, determines this target web of access, initiates access request to proxy server, carries the URL information of the target web of mark pressure access;
Proxy server receives the URL information of target web of carrying mark and forcing access, obtains target web information described in execution and exports the step of user terminal to;
The target web information of user terminal Receiving Agent server output, shows.
10. method as claimed in claim 9, is characterized in that, described obtain target web information after, before exporting user terminal to, further comprise:
The target web information that parsing is obtained, obtains the link jump information comprising, and carries out safety certification, according to the security attribute labelling strategies setting in advance, the level of security information of safety certification is embedded in this link jump information that target web packets of information contains.
11. methods as claimed in claim 10, it is characterized in that, described security attribute labelling strategies comprises: only in the URL label that has security risk, increase the blacklist mechanism labelling strategies of security attribute value, only in the URL label of any security risk, increase the white list mechanism labelling strategies of security attribute value and to increasing the mixing name single-unit labelling strategies of security attribute value in all URL labels to not existing.
CN201110070193.4A 2011-03-23 2011-03-23 Apparatus, system and method for accessing internet web pages Active CN102694772B (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201110070193.4A CN102694772B (en) 2011-03-23 2011-03-23 Apparatus, system and method for accessing internet web pages
US14/005,962 US8898738B2 (en) 2011-03-23 2011-12-12 Apparatus, system and method for accessing internet webpage
PCT/CN2011/083807 WO2012126263A1 (en) 2011-03-23 2011-12-12 Device, system and method for accessing internet web page

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110070193.4A CN102694772B (en) 2011-03-23 2011-03-23 Apparatus, system and method for accessing internet web pages

Publications (2)

Publication Number Publication Date
CN102694772A CN102694772A (en) 2012-09-26
CN102694772B true CN102694772B (en) 2014-12-10

Family

ID=46860059

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110070193.4A Active CN102694772B (en) 2011-03-23 2011-03-23 Apparatus, system and method for accessing internet web pages

Country Status (3)

Country Link
US (1) US8898738B2 (en)
CN (1) CN102694772B (en)
WO (1) WO2012126263A1 (en)

Families Citing this family (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103368999A (en) * 2012-03-29 2013-10-23 富泰华工业(深圳)有限公司 Internet access system and method
CN102882886B (en) * 2012-10-17 2016-03-30 北京奇虎科技有限公司 A kind of network terminal and method presenting the relevant information of access websites
CN103116725B (en) * 2013-02-01 2015-12-02 北京奇虎科技有限公司 The method of screen locking, device and browser are carried out to webpage
CN103973749A (en) * 2013-02-05 2014-08-06 腾讯科技(深圳)有限公司 Cloud server and website processing method based on same
CN104052630B (en) * 2013-03-14 2019-10-11 北京百度网讯科技有限公司 The method and system of verifying is executed to website
CN104125258B (en) * 2013-04-28 2016-03-30 腾讯科技(深圳)有限公司 Method for page jump, terminal, server and system
CN104239302B (en) * 2013-06-07 2017-10-03 腾讯科技(深圳)有限公司 Content of pages acquisition methods, device and application apparatus and mobile terminal
CN103368958A (en) 2013-07-05 2013-10-23 腾讯科技(深圳)有限公司 Method, device and system for detecting webpage
CN104468485B (en) * 2013-09-23 2018-11-16 西门子公司 A kind of webpage scan method, device and system
CN104572641B (en) * 2013-10-10 2019-10-25 腾讯科技(深圳)有限公司 The management method and device of web page resources
US9935977B1 (en) * 2013-12-09 2018-04-03 Amazon Technologies, Inc. Content delivery employing multiple security levels
US10068014B2 (en) * 2014-02-06 2018-09-04 Fastly, Inc. Security information management for content delivery
US9419986B2 (en) * 2014-03-26 2016-08-16 Symantec Corporation System to identify machines infected by malware applying linguistic analysis to network requests from endpoints
EP3143524A1 (en) 2014-05-13 2017-03-22 Opera Software AS Web access performance enhancement
US9635041B1 (en) * 2014-06-16 2017-04-25 Amazon Technologies, Inc. Distributed split browser content inspection and analysis
CN104994091B (en) * 2015-06-30 2018-04-27 东软集团股份有限公司 Detection method and device, the method and apparatus of defence Web attacks of abnormal flow
CN106453216A (en) * 2015-08-13 2017-02-22 阿里巴巴集团控股有限公司 Malicious website interception method, malicious website interception device and client
CN105335511A (en) * 2015-10-30 2016-02-17 百度在线网络技术(北京)有限公司 Webpage access method and device
CN106911733B (en) * 2015-12-22 2021-07-23 北京奇虎科技有限公司 Cloud proxy website access method and device
CN105743890B (en) * 2016-01-27 2020-07-17 上海优扬新媒信息技术有限公司 Authority information generation method and device
CN105704238B (en) * 2016-03-31 2019-02-01 上海爱数信息技术股份有限公司 HTML method for previewing and system based on open storage service system
US10860715B2 (en) * 2016-05-26 2020-12-08 Barracuda Networks, Inc. Method and apparatus for proactively identifying and mitigating malware attacks via hosted web assets
CN105915639B (en) * 2016-06-06 2020-08-04 腾讯科技(深圳)有限公司 Page access method and device
CN106357603A (en) * 2016-08-18 2017-01-25 乐视控股(北京)有限公司 Web page security detection processing method and device
CN106326455A (en) * 2016-08-26 2017-01-11 乐视控股(北京)有限公司 Web page browsing filtering processing method and system, terminal and cloud acceleration server
US11095682B1 (en) * 2016-08-26 2021-08-17 Palo Alto Networks, Inc. Mitigating phishing attempts
US10075417B2 (en) * 2016-09-12 2018-09-11 International Business Machines Corporation Verifying trustworthiness of redirection targets in a tiered web delivery network
US20180183799A1 (en) * 2016-12-28 2018-06-28 Nanning Fugui Precision Industrial Co., Ltd. Method and system for defending against malicious website
CN107819754B (en) * 2017-10-30 2020-01-14 网宿科技股份有限公司 Anti-hijacking method, monitoring server, terminal and system
WO2019089418A1 (en) * 2017-10-31 2019-05-09 Wood Michael C Computer security system and method based on user-intended final destination
CN107948179B (en) * 2017-12-05 2020-09-18 北京知道创宇信息技术股份有限公司 Network payment monitoring method and system
CN108052632B (en) * 2017-12-20 2022-02-18 成都律云科技有限公司 Network information acquisition method and system and enterprise information search system
US11470113B1 (en) * 2018-02-15 2022-10-11 Comodo Security Solutions, Inc. Method to eliminate data theft through a phishing website
CN110213211B (en) * 2018-05-22 2021-08-20 腾讯科技(深圳)有限公司 Method, device, terminal and storage medium for identifying secure download link
CN111597473B (en) * 2019-02-20 2023-04-25 阿里巴巴集团控股有限公司 Data transmission method, terminal equipment, server and data transmission system
CN110377848A (en) * 2019-06-21 2019-10-25 深圳壹账通智能科技有限公司 Page access method, apparatus, equipment and computer readable storage medium
CN110275877A (en) * 2019-06-24 2019-09-24 北京搜房科技发展有限公司 Data processing method and device
CN110278271B (en) * 2019-06-24 2022-04-12 厦门美图之家科技有限公司 Network request control method and device and terminal equipment
CN110413846B (en) * 2019-07-29 2022-05-20 数译(成都)信息技术有限公司 Data processing method and device for webpage mirror image and computer readable storage medium
CN111190492B (en) * 2019-12-25 2023-07-18 曙光信息产业(北京)有限公司 Method and device for starting KVM
US20220131877A1 (en) * 2020-10-23 2022-04-28 Paypal, Inc. Neutralizing Evasion Techniques of Malicious Websites
CN114745145B (en) * 2021-01-07 2023-04-18 腾讯科技(深圳)有限公司 Business data access method, device and equipment and computer storage medium
CN112511569B (en) * 2021-02-07 2021-05-11 杭州筋斗腾云科技有限公司 Method and system for processing network resource access request and computer equipment
CN113205343A (en) * 2021-06-07 2021-08-03 中国银行股份有限公司 Method, equipment and system for recognizing and protecting fraud messages based on biological recognition
CN113641936B (en) * 2021-08-12 2023-08-11 百度在线网络技术(北京)有限公司 Method, device, electronic equipment and storage medium for page skip
CN115842641A (en) * 2021-09-18 2023-03-24 贵州白山云科技股份有限公司 Access request processing method, electronic device, and medium
US20230171260A1 (en) * 2021-12-01 2023-06-01 Bank Of America Corporation System and method for maintaining network security in a mesh network by analyzing ip stack layer information in communications
CN113938327B (en) * 2021-12-17 2022-05-24 亿次网联(杭州)科技有限公司 VPN service access method and access system, electronic device and storage medium
CN114338142A (en) * 2021-12-27 2022-04-12 云深互联(北京)科技有限公司 Safety access system and method based on browser
CN115904444A (en) * 2022-12-10 2023-04-04 中电金信软件有限公司 Network application display method and device and computer equipment

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101917404A (en) * 2010-07-15 2010-12-15 优视科技有限公司 Safety defense method for browser of mobile terminal

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080119177A1 (en) 2006-09-15 2008-05-22 Speedus Corp. Metadata Content Delivery System for Wireless Networks
CN101132404A (en) * 2007-09-14 2008-02-27 腾讯科技(深圳)有限公司 Web page contents step presentation system and method thereof
CN100527147C (en) * 2007-10-17 2009-08-12 深圳市迅雷网络技术有限公司 Web page safety information detecting system and method
CN101729857A (en) 2009-11-24 2010-06-09 中兴通讯股份有限公司 Method for accessing video service and video playing system
CN101977235B (en) * 2010-11-03 2013-03-27 北京北信源软件股份有限公司 URL (Uniform Resource Locator) filtering method aiming at HTTPS (Hypertext Transport Protocol Server) encrypted website access

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101917404A (en) * 2010-07-15 2010-12-15 优视科技有限公司 Safety defense method for browser of mobile terminal

Also Published As

Publication number Publication date
WO2012126263A1 (en) 2012-09-27
US20140059649A1 (en) 2014-02-27
CN102694772A (en) 2012-09-26
US8898738B2 (en) 2014-11-25

Similar Documents

Publication Publication Date Title
CN102694772B (en) Apparatus, system and method for accessing internet web pages
CN105871838B (en) A kind of log-in control method and customer center platform of third party&#39;s account
CN105959335B (en) A kind of attack detection method and relevant apparatus
CN101388768B (en) Method and device for detecting malicious HTTP request
US9740869B1 (en) Enforcement of document element immutability
CN103001817B (en) A kind of method and apparatus of real-time detection of webpage cross-domain request
CN109960944A (en) A kind of data desensitization method, server, terminal and computer readable storage medium
US10972507B2 (en) Content policy based notification of application users about malicious browser plugins
CN103607385A (en) Method and apparatus for security detection based on browser
CN107015996A (en) A kind of resource access method, apparatus and system
CN102129528A (en) WEB page tampering identification method and system
CN111552854A (en) Webpage data capturing method and device, storage medium and equipment
US8510443B2 (en) Real-time harmful website blocking method using object attribute access engine
CN103810176A (en) Pre-fetching accessing method and device of webpage information
US8407766B1 (en) Method and apparatus for monitoring sensitive data on a computer network
CN106899549B (en) Network security detection method and device
KR20180074774A (en) How to identify malicious websites, devices and computer storage media
CN110430188A (en) A kind of quick url filtering method and device
WO2015078170A1 (en) Resource access method and apparatus, and server and terminal
CN108494762A (en) Web access method, device and computer readable storage medium, terminal
CN110266661A (en) A kind of authorization method, device and equipment
CN108667770A (en) A kind of loophole test method, server and the system of website
Steiner et al. Fulfilling the hypermedia constraint via http options, the http vocabulary in rdf, and link headers
CN109508437A (en) A kind of search website auditing method, system and gateway and storage medium
CN108282478A (en) A kind of WEB site safeties detection method, device and computer-readable medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right
TR01 Transfer of patent right

Effective date of registration: 20221115

Address after: 1402, Floor 14, Block A, Haina Baichuan Headquarters Building, No. 6, Baoxing Road, Haibin Community, Xin'an Street, Bao'an District, Shenzhen, Guangdong 518133

Patentee after: Shenzhen Yayue Technology Co.,Ltd.

Address before: 2, 518044, East 403 room, SEG science and Technology Park, Zhenxing Road, Shenzhen, Guangdong, Futian District

Patentee before: TENCENT TECHNOLOGY (SHENZHEN) Co.,Ltd.